CVE-2016-1602

CWE-94 — Code Injection3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 70.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Linux Enterprise Desktop Suse Linux Enterprise Server Suse Suse Linux Enterprise Server

Timeline

PublishedMar 23

Latest updateMay 14

Description

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDsuse/linux_enterprise_server12

▶NVDsuse/linux_enterprise_desktop12

▶NVDsuse/suse_linux_enterprise_server12

▶CVEListV5supportconfigsupportconfig

🔴Vulnerability Details

GHSA

GHSA-mg25-cv3c-p76j: A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Des↗2022-05-14

▶

CVEList

CVE-2016-1602: A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Des↗2017-03-23

▶